Mastering VMware Cloud Director

In the latest version of VMware Cloud Director (VCD) 10.3.1, a new feature has been introduced that allows authenticated users to generate their own API tokens to grant access for automation against VCD. This feature provides several benefits, including improved security and easier task automation.

Before this release, automating tasks in VCD was challenging, as third-party solutions had to be used to manage or intercept API tokens. However, with the new feature, users can now generate their own API tokens directly from the VCD interface. This eliminates the need for creative workarounds and provides a more straightforward approach to automation.

One of the key benefits of this feature is that API tokens can be revoked. If a token is compromised or stolen, the user or an admin can revoke it, and subsequent API requests using it will be rejected. This provides an additional layer of security and ensures that only authorized users have access to VCD resources.

Another advantage of this feature is that API tokens in VCD 10.3.1 are restricted in what they can do. They have only read-only rights for resources such as users, groups, roles, and rights bundles, and they do not have the “Manage user’s own API token” right. This ensures that a token cannot be used to perform sensitive actions such as modifying or deleting those resources, or creating further tokens.

To generate an API token, users must have the “Manage user’s own API token” right. The process can be done using PowerShell, and a short function has been created to simplify the steps. The function takes the VCD endpoint URI, tenant name, and API token as parameters and populates a PowerShell variable named $Headers that can be used in subsequent API calls.
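A sketch of such a function follows, as an added example and not the function from the original post. The name Connect-VcdApiToken, the parameter names, the host vcd.example.com, the default API version 36.1 and the use of VCD's OAuth refresh-token exchange endpoints are assumptions that do not appear on this page.

```powershell
function Connect-VcdApiToken {   # hypothetical name, not the original post's function
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [uri]          $VcdUri,    # e.g. https://vcd.example.com (constructed)
        [Parameter(Mandatory)] [string]       $Tenant,    # org name, or 'System' for the provider
        [Parameter(Mandatory)] [securestring] $ApiToken,  # kept out of history and transcripts
        [string] $ApiVersion = '36.1'                     # assumed API version for VCD 10.3.1
    )

    # Refuse to send the long-lived token over anything but TLS.
    if ($VcdUri.Scheme -ne 'https') { throw 'VcdUri must use https' }

    # Provider (System) tokens are exchanged at a different path than tenant tokens.
    $path = if ($Tenant -eq 'System') { 'oauth/provider/token' } else {
        'oauth/tenant/{0}/token' -f [uri]::EscapeDataString($Tenant)
    }
    $tokenUri = 'https://{0}/{1}' -f $VcdUri.Authority, $path

    # Unwrap the SecureString only for the duration of the request.
    $plain = [System.Net.NetworkCredential]::new('', $ApiToken).Password
    try {
        $resp = Invoke-RestMethod -Method Post -Uri $tokenUri `
            -ContentType 'application/x-www-form-urlencoded' `
            -Headers @{ Accept = 'application/json' } `
            -Body @{ grant_type = 'refresh_token'; refresh_token = $plain }
    }
    catch {
        # A revoked or mistyped token is rejected here; never echo the token itself.
        throw "Token exchange with $($VcdUri.Authority) failed: $($_.Exception.Message)"
    }
    finally { $plain = $null }   # drop the plaintext reference

    if (-not $resp.access_token) { throw 'Response contained no access_token' }

    # Only the short-lived bearer token goes into $Headers, never the API token.
    $global:Headers = @{
        Authorization = "Bearer $($resp.access_token)"
        Accept        = "application/json;version=$ApiVersion"
    }
    Write-Verbose ('Access token valid for {0} seconds' -f $resp.expires_in)
}

# Usage (constructed values):
# Connect-VcdApiToken -VcdUri https://vcd.example.com -Tenant acme -ApiToken (Read-Host -AsSecureString 'API token')
# Invoke-RestMethod -Uri https://vcd.example.com/cloudapi/1.0.0/sessions/current -Headers $Headers
```

Because the API token is only exchanged for a short-lived bearer token, revoking it in VCD makes the next exchange fail at the catch block.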

In conclusion, the new feature in VCD 10.3.1 that allows authenticated users to generate their own API tokens is a significant improvement over previous versions. It provides easier task automation, improved security, and better control over access to VCD resources.